Merge branch 'main' into mrajagopal-unit-tests

mrajagopal · mrajagopal · commit 7beddf9b2d09 · 2025-10-16T13:46:28.000+13:00
diff --git a/.github/scripts/verify-manifest.sh b/.github/scripts/verify-manifest.sh
@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Exit codes:
+#  0 - success
+#  3 - missing dependency (jq)
+#  4 - manifest.json not found
+#  5 - manifest.json exists but is not a regular file
+#  6 - manifest.json is not valid JSON
+#  7 - missing required JSON keys
+#  8 - missing files in the supportpkg
+#  9 - missing files in the manifest
+
+if [[ ${#} -ne 1 ]]; then
+  usage
+fi
+
+dir="$1"
+manifest="$dir/manifest.json"
+
+if ! command -v jq >/dev/null 2>&1; then
+  echo "ERROR: jq is required but not found in PATH" >&2
+  exit 3
+fi
+
+if [[ ! -e "$manifest" ]]; then
+  echo "ERROR: manifest.json not found in directory: $dir" >&2
+  exit 4
+fi
+
+if [[ ! -f "$manifest" ]]; then
+  echo "ERROR: $manifest exists but is not a regular file" >&2
+  exit 5
+fi
+
+# Validate JSON
+if ! jq empty "$manifest" >/dev/null 2>&1; then
+  echo "ERROR: $manifest is not valid JSON" >&2
+  # show where jq fails (best-effort)
+  jq . "$manifest" 2>/dev/null || true
+  exit 6
+fi
+
+required=(
+  "version"
+  "ts.start"
+  "ts.stop"
+  "package_type"
+  "root_dir"
+  "commands"
+  "platform_info.platform_type"
+  "platform_info.hostname"
+  "platform_info.serial_number"
+  "product_info.product"
+  "product_info.version"
+  "product_info.build"
+)
+
+missing=()
+for p in "${required[@]}"; do
+  # Test presence: use getpath(split(".")) and check that it exists and is not null
+  if ! jq -e --arg p "$p" 'getpath($p | split(".")) != null' "$manifest" >/dev/null 2>&1; then
+    missing+=("$p")
+  fi
+done
+
+if [[ ${#missing[@]} -ne 0 ]]; then
+  echo "ERROR: manifest.json is missing required keys:" >&2
+  for m in "${missing[@]}"; do
+    echo "  - $m" >&2
+  done
+  exit 7
+fi
+
+# Check that there is a 1:1 correspondence between manifest and tarball content
+
+find "${dir}" -type f -mindepth 1 | cut -c "$(( ${#dir} + 1 ))"- > find-output.txt
+jq -r '.commands[].output' "${dir}"/manifest.json > manifest-output.txt
+printf "/manifest.json\n/supportpkg.log" >> manifest-output.txt
+if grep -vxFf find-output.txt manifest-output.txt >/dev/null; then
+  echo "ERROR: Manifest contains files not present in the supportpkg:"
+  grep -vxFf find-output.txt manifest-output.txt
+  exit 8
+fi
+if grep -vxFf manifest-output.txt find-output.txt >/dev/null; then
+  echo "ERROR: Supportpkg contains files not present in the manifest:"
+  grep -vxFf manifest-output.txt find-output.txt
+  exit 9
+fi
+
+# All good if we reached this point
+
+echo "OK: $manifest is valid and consistent with the supportpkg contents"
+exit 0
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
@@ -21,7 +21,7 @@ jobs:
         run: echo "Starting Release Build for ${RELEASE_VERSION}"
         
       - name: Checkout code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5
 
       - name: List repository files
         run: ls -R .; pwd
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
@@ -22,7 +22,7 @@ jobs:
     if: ${{ github.event.repository.fork == false }}
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.2.2
 
       - name: Scan
         uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0
diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml
@@ -12,10 +12,10 @@ jobs:
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
     - name: Set up Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v6
       with:
         go-version: '1.24'
 
@@ -106,6 +106,10 @@ jobs:
         # Verify expected files exist
         bash .github/scripts/verify-contents.sh extracted_test
 
+    - name: Validate manifest file
+      run: |
+        bash .github/scripts/verify-manifest.sh extracted_test
+
     - name: Upload test artifacts
       if: always()
       uses: actions/upload-artifact@v4
diff --git a/.github/workflows/release-builder.yml b/.github/workflows/release-builder.yml
@@ -12,21 +12,21 @@ env:
 
 jobs:
   build:
-    if: endsWith(github.event.release.tag_name, '-krew')
+    if: "!endsWith(github.event.release.tag_name, '-docker')"
     permissions:
       contents: write
 
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.2.2
 
       - name: Set Release Version
         run: echo "RELEASE_VERSION=${RELEASE_VERSION%-krew}" >> $GITHUB_ENV
 
       - name: Set up Go
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@19bb51245e9c80abacb2e91cc42b33fa478b8639 # v4.2.1
         with:
           go-version: '1.24.3'
 
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.2.2
         with:
           persist-credentials: false
 
@@ -55,6 +55,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0
+        uses: github/codeql-action/upload-sarif@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8
         with:
           sarif_file: results.sarif
